cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-5973,https://securityvulnerability.io/vulnerability/CVE-2024-5973,Plugin Vulnerability Could Allow Unauthorized Access to Functionalities,"The MasterStudy LMS WordPress Plugin prior to version 3.3.24 contains a flaw that allows unauthorized users, specifically students, to create instructor accounts. This functionality failure may lead to unauthorized access to sensitive instructor features, presenting risks to the integrity and security of educational content and user management. Users are advised to update to the latest version to mitigate this vulnerability.",Wordpress,Masterstudy Lms WordPress Plugin,8.8,HIGH,0.0005499999970197678,false,,false,false,true,true,false,false,2024-07-22T06:00:05.733Z,0
CVE-2024-3942,https://securityvulnerability.io/vulnerability/CVE-2024-3942,Unauthorized Access and Data Modification in MasterStudy LMS Plugin for WordPress,"The MasterStudy LMS WordPress Plugin for Online Courses is susceptible to unauthorized access and data manipulation due to a lack of necessary capability checks on various functions. This vulnerability affects all versions up to and including 3.3.8 and enables authenticated users with subscriber-level permissions to read and alter sensitive content, including course material, post titles, and taxonomy settings. This significant security gap highlights the need for vigilance and timely updates to maintain the integrity of educational platforms relying on this plugin.",Wordpress,Masterstudy Lms WordPress Plugin – For Online Courses And Education,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-05-02T16:52:11.285Z,0
CVE-2024-3136,https://securityvulnerability.io/vulnerability/CVE-2024-3136,Local File Inclusion Vulnerability in MasterStudy LMS Plugin for WordPress,"The MasterStudy LMS plugin for WordPress is susceptible to Local File Inclusion due to a flaw in the 'template' parameter. This vulnerability allows unauthorized attackers to include and execute arbitrary files on the server, potentially leading to the execution of malicious PHP code. Such exploitation can bypass access controls, allow unauthorized access to sensitive information, and could enable the execution of unexpected code through file types that are generally considered safe for upload. All versions up to and including 3.3.3 are affected, highlighting the need for immediate action to secure these installations.",Wordpress,Masterstudy Lms WordPress Plugin – For Online Courses And Education,9.8,CRITICAL,0.0008399999933317304,false,,false,false,false,,false,false,2024-04-09T18:59:08.441Z,0
CVE-2024-1904,https://securityvulnerability.io/vulnerability/CVE-2024-1904,Unauthorized Access to Data Due to Missing Capability Check,"The MasterStudy LMS plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the search_posts function in all versions up to, and including, 3.2.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to expose draft post titles and excerpts.",Wordpress,Masterstudy Lms WordPress Plugin – For Online Courses And Education,4.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-04-09T18:58:37.248Z,0
CVE-2024-2411,https://securityvulnerability.io/vulnerability/CVE-2024-2411,Arbitrary File Inclusion Vulnerability in MasterStudy LMS Plugin for WordPress,"The MasterStudy LMS plugin for WordPress, developed by Stylemix Themes, is susceptible to a Local File Inclusion vulnerability that affects all versions up to and including 3.3.0. This issue arises through the 'modal' parameter, permitting unauthenticated attackers to include and execute arbitrary files on the server. The exploit allows for the execution of any PHP code contained within those files, posing a serious risk of bypassing access controls. Consequently, this vulnerability may lead to unauthorized access to sensitive data and potentially facilitate broader code execution attacks, exploiting scenarios where 'safe' file types like images can be uploaded and included.",Wordpress,Masterstudy Lms WordPress Plugin – For Online Courses And Education,9.8,CRITICAL,0.00044999999227002263,false,,false,false,false,,false,false,2024-03-29T08:31:30.436Z,0
CVE-2024-2409,https://securityvulnerability.io/vulnerability/CVE-2024-2409,Unauthenticated Privilege Escalation Vulnerability in MasterStudy LMS Plugin,"The MasterStudy LMS plugin for WordPress exhibits a vulnerability that allows unauthenticated attackers to escalate privileges, particularly gaining administrator-level access through the _register_user() function linked with the 'wp_ajax_nopriv_stm_lms_register' AJAX action. This occurs due to inadequate validation checks present in all versions prior to 3.3.2. When the LMS Forms Editor add-on is enabled, this flaw enables malicious actors to exploit the system and register themselves or others with elevated permissions, posing serious security risks to any website utilizing this plugin. Website administrators are urged to update to the latest version and review their security configurations.",Wordpress,Masterstudy Lms WordPress Plugin – For Online Courses And Education,9.8,CRITICAL,0.00044999999227002263,false,,false,false,false,,false,false,2024-03-29T08:31:29.816Z,0
CVE-2024-2106,https://securityvulnerability.io/vulnerability/CVE-2024-2106,Information Exposure Vulnerability in MasterStudy LMS WordPress Plugin,"The MasterStudy LMS WordPress Plugin, used for managing online courses and education, is affected by an Information Exposure vulnerability in versions up to and including 3.2.10. This flaw allows unauthenticated attackers to gain access to sensitive information, specifically the usernames and email addresses of all registered users. Such data can be exploited for further malicious activities, leading to potential account compromises and increased security risks for the affected users.",Wordpress,Masterstudy Lms WordPress Plugin – For Online Courses And Education,7.5,HIGH,0.0006000000284984708,false,,false,false,false,,false,false,2024-03-13T15:26:39.888Z,0
CVE-2024-1512,https://securityvulnerability.io/vulnerability/CVE-2024-1512,Unauthenticated SQL Injection Vulnerability in MasterStudy LMS WordPress Plugin,"A vulnerability exists in the MasterStudy LMS WordPress Plugin for Online Courses and Education, which allows for union based SQL Injection via the 'user' parameter in the /lms/stm-lms/order/items REST route. This flaw originates from inadequate escaping of the user-supplied input and fails to sufficiently prepare the SQL query. As a result, unauthenticated attackers can inject malicious SQL queries that append to existing queries, potentially facilitating the extraction of sensitive information from the database.",Wordpress,Masterstudy Lms WordPress Plugin – For Online Courses And Education,9.8,CRITICAL,0.0008399999933317304,false,,false,false,true,true,false,false,2024-02-17T07:36:57.426Z,0
CVE-2023-4278,https://securityvulnerability.io/vulnerability/CVE-2023-4278,MasterStudy LMS < 3.0.18 - Unauthenticated Instructor Account Creation,"The MasterStudy LMS WordPress Plugin, prior to version 3.0.18, lacks adequate validation controls during the registration process. This flaw allows unauthenticated users to register as instructors, thereby gaining unauthorized access to functionalities that include adding courses and posts. The absence of proper access checks significantly heightens the risk of abuse, posing a threat to the integrity of sites utilizing this plugin.",Wordpress,MasterStudy LMS WordPress Plugin,7.5,HIGH,0.030519999563694,false,,false,false,true,true,false,false,2023-09-11T20:15:00.000Z,0
CVE-2023-35093,https://securityvulnerability.io/vulnerability/CVE-2023-35093,WordPress MasterStudy LMS Plugin <= 3.0.8 is vulnerable to Broken Access Control,"Broken Access Control vulnerability in StylemixThemes MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin <= 3.0.8 versions allows any logged-in users, such as subscribers to view the ""Orders"" of the plugin and get the data related to the order like email, username, and more.",Wordpress,MasterStudy LMS WordPress Plugin – for Online Courses and Education,6.5,MEDIUM,0.0005699999746866524,false,,false,false,false,,false,false,2023-06-22T12:15:00.000Z,0
CVE-2023-35090,https://securityvulnerability.io/vulnerability/CVE-2023-35090,WordPress MasterStudy LMS Plugin <= 3.0.8 is vulnerable to Cross Site Scripting (XSS),Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in StylemixThemes MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin <= 3.0.7 versions.,Wordpress,MasterStudy LMS WordPress Plugin – for Online Courses and Education,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2023-06-22T11:15:00.000Z,0
CVE-2022-0441,https://securityvulnerability.io/vulnerability/CVE-2022-0441,MasterStudy LMS < 2.7.6 - Unauthenticated Admin Account Creation,"The MasterStudy LMS WordPress plugin before 2.7.6 does not validate some parameters given when registering a new account, allowing unauthenticated users to register as an admin",Wordpress,Masterstudy Lms – WordPress Lms Plugin,9.8,CRITICAL,0.9434599876403809,false,,false,false,true,true,false,false,2022-03-07T08:16:43.000Z,0